Just a quick rant on the poor support for DNSSEC by registrars and cloud providers.

DNSSEC is a good idea - no it's a GREAT idea from a security standpoint, and there are a lot of really cool things you could implement once DNSSEC is up and running. So, I decide to look into setting it up for an unused domain so I can play around and see what works.

Quick google for free dnssec signing and hmm this looks intersting. http://www.security-dns.net/ wants to encourage DNSSEC and will sign a zone for free, but doesn't host DNS. Fair enough.

20 Minutes into the future and I am very frustrated. Even if you have the technical chops to setup DNSSEC, a large number of registrars aren't capable of handling DNSSEC, many expect that you will setup your own DNS servers.

So what's someone to do?

I know let's see what can be done for DNS hosting. This cloud thing is supposed to be the bestest thing! So, Amazon's Route 53 no DNSSEC support at this time, oookay so how about something else. Google search search Grrr. Nope CloudFlare doesn't work with DNSSEC and "DNSSEC would be somewhat redundant with a lot of what we already do" Yep, they said that. <COUGH> Um. No.